
A security access control method for USB storage device based on thin virtual machine monitor

A virtual machine monitor and security access control technology, applied in computer security devices, program control design, program control devices, etc., can solve problems such as low security and lack of comprehensive decision-making ability

Active Publication Date: 2020-08-21
INST OF SOFTWARE - CHINESE ACAD OF SCI +1

AI Technical Summary

Problems solved by technology

However, the LSM framework itself has shortcomings such as lack of comprehensive decision-making capabilities. Although the implemented modules can be dynamically loaded, when an attacker obtains root privileges, they can completely bypass these USB access control modules, and then use the USB storage device to steal data.
[0006] At present, in the Windows operating system, the main research includes: a USB mobile storage device access control system based on a WDM (Windows Driver Model) filter driver, which uses the device driver model introduced by Microsoft to implement access control of USB storage devices; or a monitoring system for USB storage devices developed at the application layer using API interfaces provided by Windows, but the security is not high.

Examples


Embodiment Construction

[0029] The present invention will be described in further detail below through specific embodiments and accompanying drawings.

[0030] Figure 1 is a system architecture diagram of the present invention. By analyzing the implementation principle of the USB host controller in BitVisor, the present invention intercepts the identification, read, and write operations of a specific USB storage device according to the access rights that the device has (i.e., the function shown in the "intercept module" in Figure 1), to achieve the purpose of device security access control. That is, the present invention adds a USB identification module, a read-only control module and a write-only control module on the basis of the USB host controller in BitVisor.

[0031] 1. Implementation method of device identification control

[0032] Register a hook function for the prohibited USB storage device in BitVisor, such as figure 1 As sh...


Abstract

The invention relates to a USB storage device security access control method based on a thin virtual machine monitor. The key steps of USB device I/O interception are proposed by analyzing the data flow, realized through simulation in BitVisor, of the BULK-ONLY protocol of the USB storage device. By analyzing the implementation principle of the USB host controller in BitVisor, the method intercepts the identification, read and write operations of a specific device based on the access authority that the device has, thereby achieving security access control. Because the method is implemented in the thin virtual machine monitor BitVisor, the security access control of the USB storage device is transparent to the operating system, and its security does not depend on the security of the operating system. Moreover, compared to Xen and other virtual machine monitors, the thin virtual machine monitor BitVisor is smaller in size and higher in security and reliability, so the USB storage device security access control method based on it is also higher in security and reliability.
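An added example, not code from the patent or from BitVisor: the read-only / write-only decision that the abstract and paragraph [0030] describe, applied to a Bulk-Only Transport Command Block Wrapper (CBW) and the SCSI opcode it carries. The policy names, function names and the fail-closed handling of malformed wrappers are assumptions, and the caller is assumed to pass only command-phase bulk-OUT buffers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical policy and verdict names; the patent text defines none. */
enum usb_policy { POLICY_FULL, POLICY_READ_ONLY, POLICY_WRITE_ONLY, POLICY_PROHIBITED };
enum verdict { ALLOW, BLOCK };

#define CBW_LENGTH    31           /* a Bulk-Only CBW is exactly 31 bytes */
#define CBW_SIGNATURE 0x43425355u  /* "USBC" read as little-endian */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* SCSI READ/WRITE opcodes in their 6-, 10-, 12- and 16-byte forms. */
static int is_read(uint8_t op)  { return op == 0x08 || op == 0x28 || op == 0xA8 || op == 0x88; }
static int is_write(uint8_t op) { return op == 0x0A || op == 0x2A || op == 0xAA || op == 0x8A; }

/* Verdict for one bulk-OUT command-phase buffer under the device's policy. */
enum verdict check_cbw(const uint8_t *buf, size_t len, enum usb_policy policy) {
    if (policy == POLICY_PROHIBITED) return BLOCK;
    if (len != CBW_LENGTH || le32(buf) != CBW_SIGNATURE)
        return BLOCK;                       /* malformed wrapper: fail closed */
    uint8_t cb_len = buf[14] & 0x1F;        /* bCBWCBLength, valid 1..16 */
    if (cb_len < 1 || cb_len > 16) return BLOCK;
    uint8_t op = buf[15];                   /* first byte of CBWCB = SCSI opcode */
    if (policy == POLICY_READ_ONLY && is_write(op)) return BLOCK;
    if (policy == POLICY_WRITE_ONLY && is_read(op)) return BLOCK;
    return ALLOW;
}

/* Constructed sample CBW carrying a 10-byte command block. */
void make_cbw(uint8_t out[CBW_LENGTH], uint8_t opcode) {
    memset(out, 0, CBW_LENGTH);
    memcpy(out, "USBC", 4);
    out[14] = 10;
    out[15] = opcode;
}

int main(void) {
    uint8_t cbw[CBW_LENGTH];
    make_cbw(cbw, 0x2A);                    /* WRITE(10) */
    return check_cbw(cbw, sizeof cbw, POLICY_READ_ONLY) == BLOCK ? 0 : 1;
}
```

Commands that are neither reads nor writes, such as INQUIRY (0x12), pass under both restricted policies so the guest can still enumerate the device.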

Description

Technical field

[0001] The invention relates to a method for controlling security access of a USB storage device based on a thin virtual machine monitor, and belongs to the technical field of software engineering.

Background technique

[0002] At present, in the Linux operating system, the security access control mechanisms for USB storage devices mainly fall into several types: those based on udev, those based on the LSM framework, and those based on the system USB device driver layer.

[0003] Security access control mechanism for USB storage devices based on udev: udev is a device manager for the Linux Kernel 2.6 series. This mechanism makes the USB storage device unavailable by modifying the udev rule file. This method is implemented at the application layer, and the security is not high.

[0004] USB storage device security access control mechanism based on the system USB device driver layer: This mechanism is mainly to modify the corresponding functions of the driver la...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F9/455, G06F13/42, G06F21/60
CPC: G06F9/45533, G06F13/4282, G06F21/604, G06F2221/2141
Inventor 马恒太刘欢薛刚汝
Owner INST OF SOFTWARE - CHINESE ACAD OF SCI